GCP Professional Cloud Security Engineer Practice Question
Your company operates an on-premises data center that must exchange traffic with a Google Cloud VPC over two redundant VPN tunnels. The networking team wants to eliminate the manual effort of updating static routes every time a new subnet is added either on-premises or in Google Cloud, and they need the link to provide a 99.99 percent availability SLA. What should you do to meet these requirements?
- Keep the existing tunnels but enable route export on the VPC and use Cloud NAT to propagate new internal prefixes to the on-premises router automatically.
- Deploy an HA VPN gateway and attach a Cloud Router with BGP sessions on each tunnel interface so route advertisements between the VPC and the on-premises router occur automatically.
- Migrate the connection to Dedicated Interconnect and create custom static routes on a Cloud Router to advertise VPC subnets while disabling BGP on the on-premises router.
- Replace the VPN with two policy-based VPN tunnels that use IKEv2 and configure static routes for every current and future subnet on both sides.
High-availability (HA) VPN offers a 99.99 percent availability SLA when you create two tunnels on separate interfaces of the same HA VPN gateway. When you attach the HA VPN gateway to a Cloud Router and configure BGP sessions on each tunnel, Cloud Router automatically advertises VPC subnet routes to the on-premises router and learns on-premises prefixes in return. This removes the need to maintain static routes.
Policy-based VPNs cannot use Cloud Router, so they require static routes and do not provide the 99.99 percent SLA. Cloud NAT does not advertise routes; it only provides outbound address translation. Dedicated Interconnect can use BGP, but replacing the VPN would not meet the stated requirement to keep the existing encrypted VPN-based connectivity, and turning off BGP on the on-premises router would prevent dynamic route exchange.
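The conditions in the explanation above can be checked against an exported configuration. The following is an added example, not part of the original question: it assumes tunnel and router data shaped like the JSON output of `gcloud compute vpn-tunnels list` and `gcloud compute routers list`, all resource names are constructed, and it checks only the conditions this page names (HA VPN rather than Classic VPN, tunnels on both gateway interfaces, a BGP session per tunnel).

```python
from collections import defaultdict

# Constructed sample data (made-up names), shaped like the JSON output of
# `gcloud compute vpn-tunnels list` and `gcloud compute routers list`.
R = "regions/us-central1"
GOOD_TUNNELS = [
    {"name": "tun-0", "vpnGateway": f"{R}/vpnGateways/ha-gw", "vpnGatewayInterface": 0},
    {"name": "tun-1", "vpnGateway": f"{R}/vpnGateways/ha-gw", "vpnGatewayInterface": 1}]
GOOD_ROUTERS = [{"name": "cr-1",
    "interfaces": [{"name": "if-0", "linkedVpnTunnel": f"{R}/vpnTunnels/tun-0"},
                   {"name": "if-1", "linkedVpnTunnel": f"{R}/vpnTunnels/tun-1"}],
    "bgpPeers": [{"interfaceName": "if-0"}, {"interfaceName": "if-1"}]}]
BAD_TUNNELS = [
    {"name": "old-0", "targetVpnGateway": f"{R}/targetVpnGateways/classic-gw"},
    {"name": "tun-0", "vpnGateway": f"{R}/vpnGateways/ha-gw", "vpnGatewayInterface": 0}]
BAD_ROUTERS = [{"name": "cr-1", "bgpPeers": [],
    "interfaces": [{"name": "if-0", "linkedVpnTunnel": f"{R}/vpnTunnels/tun-0"}]}]

def name(url):
    """Last path segment of a resource URL (or the bare name)."""
    return url.rsplit("/", 1)[-1] if url else None

def audit_ha_vpn(tunnels, routers):
    """Return findings for tunnels that miss the conditions named on this page."""
    findings = []
    # tunnel name -> True when a Cloud Router interface linked to it has a BGP peer
    has_bgp = {}
    for r in routers:
        peered = {p.get("interfaceName") for p in r.get("bgpPeers", [])}
        for iface in r.get("interfaces", []):
            t = name(iface.get("linkedVpnTunnel"))
            if t:
                has_bgp[t] = has_bgp.get(t, False) or iface["name"] in peered
    ifaces_by_gw = defaultdict(set)
    for t in tunnels:
        if "vpnGateway" not in t:  # Classic VPN tunnels reference targetVpnGateway
            findings.append(f"{t['name']}: Classic VPN tunnel, not HA VPN")
            continue
        ifaces_by_gw[name(t["vpnGateway"])].add(t.get("vpnGatewayInterface"))
        if not has_bgp.get(t["name"]):
            findings.append(f"{t['name']}: no BGP session on a Cloud Router interface")
    for gw, used in sorted(ifaces_by_gw.items()):
        if not {0, 1} <= used:
            findings.append(f"{gw}: tunnels do not cover both gateway interfaces")
    return findings

if __name__ == "__main__":
    for finding in audit_ha_vpn(BAD_TUNNELS, BAD_ROUTERS):
        print(finding)
```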
GCP Professional Cloud Security Engineer
Securing communications and establishing boundary protection